Debian Bug report logs - #432013
freetype: CVE-2007-3506: memory buffer overwrite bug
Reported by: "Alec Berryman" <alec@thened.net>
Date: Fri, 6 Jul 2007 16:51:02 UTC
Severity: grave
Tags: security
Done: Steve Langasek <vorlon@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Steve Langasek <vorlon@debian.org>: Bug#432013; Package freetype.
Acknowledgement sent to "Alec Berryman" <alec@thened.net>: New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Steve Langasek <vorlon@debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: freetype
Severity: grave
Tags: security
CVE-2007-3506 [0]:
The ft_bitmap_assure_buffer function in src/base/ftbitmap.c in FreeType
2.3.3 allows context-dependent attackers to cause a denial of service
and possibly execute arbitrary code via unspecified vectors involving
bitmap fonts, related to a "memory buffer overwrite bug."
This vulnerability may allow access to the accounts of users who use the
package. The original bug report [1] provides instructions on how to
reproduce the issue, but I have been unable to do so. The CVE links to
a patch from freetype's CVS [2]; the code appears to have changed
between Debian's 2.2 and upstream's 2.3 enough that I can't locate where
in ftbitmap.c the offending code exists (if at all).
If this does turn out to affect Debian's version, please note the CVE in
the changelog.
Thanks,
Alec
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3506
[1] http://savannah.nongnu.org/bugs/index.php?19536
[2] http://cvs.savannah.nongnu.org/viewvc/freetype2/src/base/ftbitmap.c?root=freetype&r1=1.17&r2=1.18&diff_format=u
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.18-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply sent to Steve Langasek <vorlon@debian.org>: You have taken responsibility.
Notification sent to "Alec Berryman" <alec@thened.net>: Bug acknowledged by developer.
Message #10 received at 432013-done@bugs.debian.org:
Hi Alec,
On Fri, Jul 06, 2007 at 11:49:47AM -0500, Alec Berryman wrote:
> The ft_bitmap_assure_buffer function in src/base/ftbitmap.c in FreeType
> 2.3.3 allows context-dependent attackers to cause a denial of service
> and possibly execute arbitrary code via unspecified vectors involving
> bitmap fonts, related to a "memory buffer overwrite bug."
> This vulnerability may allow access to the accounts of users who use the
> package. The original bug report [1] provides instructions on how to
> reproduce the issue, but I have been unable to do so. The CVE links to
> a patch from freetype's CVS [2]; the code appears to have changed
> between Debian's 2.2 and upstream's 2.3 enough that I can't locate where
> in ftbitmap.c the offending code exists (if at all).
Thank you for the report. I have reviewed the code in question, and am
confident that the vulnerability does not exist in Freetype 2.2.1, having
been introduced in a later reorganization of the ftbitmap.c code. I'm
therefore closing this report, as no action is necessary for the Debian
packages.
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 05 Aug 2007 07:25:46 GMT)
Last modified: Wed Jun 19 15:08:56 2019